
Let’s Play Poker: Effort and Software Security Risk Estimation

Jun 2
Tue 6:30 PM
Location

Forum 4 8529 Six Forks Rd.
Raleigh, NC 27617

Estimated attendance
40 people attended.

Who organized?
Jared

Effort and risk estimation are both important and problematic in software engineering. Inaccurate effort estimates can lead a team to make unrealistic commitments for completing a software project. Effort estimation models can be complex and require a significant amount of historical data to be collected and analyzed. As a result, effort estimates are often made in an ad hoc manner by management and/or team leaders. Likewise, software teams often estimate and rank their risks subjectively, because quantifying both the probability that a risk will occur and its impact is difficult.

In recent years, some software development teams have begun to estimate the effort needed to implement product requirements via a Wideband Delphi practice commonly called Planning Poker. With the Wideband Delphi practice, team members gather in a room and are asked to make estimates individually and anonymously by choosing a card from their hands. All the estimates are then shown to the team simultaneously (by flipping the cards over) and differences of opinion are discussed. Additional estimation and discussion rounds take place until the team converges on what they jointly feel is a reasonable estimate. The diversity of participant opinions about the effort required to implement a requirement drives the discovery of important product information during the Planning Poker discussion.

We have developed a Wideband Delphi, Planning Poker-style practice called Protection Poker that leverages a diversity of ideas, experience, and knowledge related to software security. The dual purpose of a Protection Poker session is (1) to provide a structured, collaborative, interactive, and informal practice for misuse case development and threat modeling that leads to a software security risk estimate; and (2) to spread software security knowledge throughout a team. A pilot of Protection Poker with an industrial partner has indicated its value for achieving these purposes.

Bio

Laurie Williams is an Associate Professor in the Computer Science Department of the College of Engineering at North Carolina State University (NCSU). Her research focuses on agile software development practices and processes; software reliability, software testing and analysis; software security; open source software development; and broadening participation and increasing retention in computer science. Laurie leads the Software Engineering Realsearch research group at NCSU. With her students in the Realsearch group, Laurie has been involved in working collaboratively with high tech industries like ABB Corporation, Cisco, IBM Corporation, Microsoft, Nortel Networks, Red Hat, Sabre Airline Solutions, SAS, and Tekelec. Laurie is the Director of the North Carolina State University Laboratory for Collaborative System Development and the Center for Open Software Engineering, and an area representative for the Secure Open Systems Initiative. Laurie is the technical co-director of the Center for Advanced Computing and Communication (CACC). Laurie received her Ph.D. in Computer Science from the University of Utah, her MBA from Duke University Fuqua School of Business, and her BS in Industrial Engineering from Lehigh University. She worked for IBM Corporation for nine years in Raleigh, NC and Research Triangle Park, NC before returning to academia.
